Twitter, everyone's favorite useless yet addictive global away message service thing, seems to have been exploited by a user. Whenever someone visits twitter.com/x and is currently logged into their Twitter account, their Twitter message will say something along the lines of "Looking at Bon's Twitter page". I fell victim to this earlier today after I saw a friend's Twitter say that.

Twitter exploit

I looked around the page source and other included files with Firebug but I didn't see anything resembling a possible XSS exploit. As of this writing, it seems like the page no longer changes your message. This whole thing made me realize how powerful the exploit or whatever you want to call it could have been, considering many people have their Twitter status embedded on their website.

This is similar to how many people have MyBlogLog badges on their site and the recent exploit for free advertising.



Handcrafted by Stammy for 19.08 years · Comments